Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

new service probes matches (Re: Nmap-dev-only unofficial Nmap 3.51-TEST2)

From: Martin Mačok <martin.macok () underground cz>
Date: Mon, 8 Mar 2004 10:06:47 +0100
On Sun, Mar 07, 2004 at 10:57:08PM -0800, Fyodor wrote:


I have just put up an unofficial 3.51-TEST2 release in the dist
directory ( http://download.insecure.org/nmap/dist/?M=D ).


My patch against nmap-service-probes 1.35 is at
http://xtrmntr.org/ORBman/tmp/nmap-service-probes.patch

 * new matches
   - POP3 AnalogX Proxy
   - SMTP AnalogX Proxy
   - SGI Performance Co-Pilot
   - AIX rexecd
   - AIX rlogin
   - AIX rshd
   - another Lotus Notes POP3 match
   - another Postfix SMTP match
   - another Kerio PF services matches
   - another IBM HTTP Server (Apache) match
   - another two Oracle HTTP Server matches
   - another IBM Websphere Application server match
   - another JRun Webserver match
   - another pdnsd match
 
 * fixes:
   - Kerio PF services names somewhat unified
   - webfs match generalized
   - missing \r in Kazaa HTTP match
   - missing d in pdnsd name

 * TODO:
   - fix broken $Revision X.Y$ entries in the file messing with CVS
     (lines prepended with #FIXME - I don't know how exactly they
     should look like)
   - I have seen behaviour when sometimes GetRequest missed and
     HTTPOptions matched (with the same pattern), sometimes not ...
     probably the host was too slow ?
   - some probes are commented out to not slow down the scan in
     general case, but they're there if someone wants them (handy)
   - There are some entries with "(?)" string in their names. These
     are the ones I'm not 100% sure with them but still better than
     nothing? For example - have you ever seen HTTP server with
     Content-Location: http://[ip.address]/xy other than MS IIS? Some
     of them I'm not sure with (I have (almost :-) no control of the
     machine) but I saw them in different hosts always on the same OS
     and same well-known port (MS DTC/ERROR case)...

Martin Mačok

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
Previous By Date Next
Previous By Thread Next

Current thread: